Permissions, Privileges, and Access Controls in sudo (Alpine package)



Published: 2013-03-26
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2013-1775
CWE-ID CWE-264
Exploitation vector Local
Public exploit N/A
Vulnerable software
Subscribe 		sudo (Alpine package)
Operating systems & Components / Operating system package or component

Vendor Alpine Linux Development Team

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU32716

Risk: Low

CVSSv3.1: 7.3 [CVSS:3.1/CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2013-1775

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local non-authenticated attacker to execute arbitrary code.

sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch.

Mitigation

Install update from vendor's website.

Vulnerable software versions

sudo (Alpine package): 1.8.4_p5-r0 - 1.8.6_p3-r0

External links

http://git.alpinelinux.org/aports/commit/?id=314fb3a58d3b6e01772b9759cf035551545310f1
http://git.alpinelinux.org/aports/commit/?id=62d5c7cb77030f311d0970d4fc51010aa53169ff
http://git.alpinelinux.org/aports/commit/?id=7a067398f96da893126a5c03f44271876801f30a


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###